Update 'content/en/articles/defense-of-gpg.md'

Spelling errors fixed, missing oyd link added
pull/5/head
AA 4 years ago
parent 79927568af
commit 859a31d069
  1. 16
      content/en/articles/defense-of-gpg.md

@ -11,7 +11,7 @@ photo:
author: majatiegs | CC BY-NC-SA 2.0
alt: GnuPG
---
For several years, there has been an uprasing agains GPG. Every now and then someone writes up a blog post and condemn OpenPG and it's implementations for being too hard to use or too easy to mess up. The GPG side is mostly silent... So, this article is in defence of GPG.
For several years, there has been an uprasing against GPG. Every now and then someone writes up a blog post and condemn OpenPG and it's implementations for being too hard to use or too easy to mess up. The GPG side is mostly silent... So, this article is in defence of GPG.
Main points made against GPG can be listed like this:
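Review bot: the rewritten opening sentence fixes "agains" but still carries "uprasing", "condemn" (which should agree with "someone writes"), "OpenPG" and the possessive "it's implementations". Since this commit is a spelling pass over that exact line, correct them in the same change: "uprising", "condemns", "OpenPGP", "its implementations".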
@ -38,33 +38,33 @@ During these discussion, these point are mostly assumed to be true;
## What's The Problem
We name periods of human history by their defining property. That property is mainly what drives human society and culture at that current age. The iron age was shaped by the superiority of iron as a material for weapons and agricultural tools. Today's digitally shaped age is called [digital feudalism](https://www.schneier.com/essays/archives/2012/11/when_it_comes_to_sec.html) and it governs our lives. Just like regular feudalism the source of society is controlled by few and generated by many and the feudal lords of ours claim their right to their thrones through their infrastructure.
We name periods of human history by their defining property. That property is mainly what drives human society and culture at that current age. The iron age was shaped by the superiority of iron as a material for weapons and agricultural tools. Today's digitally shaped age is called [digital feudalism](https://www.schneier.com/essays/archives/2012/11/when_it_comes_to_sec.html) and it governs our lives. Just like regular feudalism the source of society is controlled by few and generated by many and the feudal lords of ours claim their right to their thrones through their infrastructure.
We as users are fueling the rise of the digital technologies but handful of companies are controlling and profiting from it. Just like peasants of the middle ages, you are seen as basic people who cannot understand the complex life that only a few selected elites can. It is what you are asusmed to be: simple people who wants simple things, like "apps" that will give you what you assumed you need and nothing more. It is the same old condescending view of serfs, now given to you by companies, ignorant and arrogant developers and overall by capitalism.
Today saying "what do I understand about computers" is equivalent to saying "I don't know how to light a fire" in stone age! Just because someone might be feeding you back in those days does not mean that you could survive on your own. The same applies to current digital age. Just because someone is doing **stuff** for you does not ensure your digital survival. There was no easy way to light a fire back then and there will be no "press this button" easy way to take back the power in the digital age. Whoever claims people **want** or **need** only simple stupid apps and whoever denies the fact that we are living in digital feudalism are building a dystopian future where few elite unprecedentedly controls the future. Self determination is never given by anyone but can only be taken by everyone!
This ideology that "people are stupid" and "people want easy(read: stupid)" things dominates today’s end user software development. Good UX does not equal simple. The real meaning in these expressions is; "you are too stupid to take responsibility for your self and to understand what's going on, so we as technological elites will take care of you". This is what's the base of almost all GPG related criticism. GPG is too hard for people!
This ideology that "people are stupid" and "people want easy(read:stupid)" things dominates today’s end user software development. Good UX does not equal simple. The real meaning in these expressions is; "you are too stupid to take responsibility for your self and to understand what's going on, so we as technological elites will take care of you". This is what's the base of almost all GPG related criticism. GPG is too hard for people!
PGP, the preceder of GPG, was conceived in 1991 and this era was shaped by hackers. Not the hackers that main stream media shows in black hoods and authorities around the world paint as people with no moral boundaries. Hackers are the people who playfully expanded what is available to what is possible. This attitude brought general public; personal computers, GNU/Linux operating system that are now powering almost every backbone in the world, 3D printers etc. PGP was shaped by the empowerment of that era, not the "there is an app for that" era of today which is shaped by multi-billion dollar cooperation built upon the cultural and technological accumulation of hackers.
That brings us to the point: GPG is hard for people, but so was the general purpose computers around 20 years ago. Everything requires individual dedication and determination to learn and maintain. What happened with computers is that some people capitalised on the opportunity, poured money into devices and after hundred hours of R&D those computers became "easy". The outcome of that process was a loss of the right to fix, more enclosed and restricted user environments and computers that works against us! So those who invested in computers can profit for their investment.
The same problem exists for encryption. There was no real incentive for capitalists to invest in publicly accessible encryption. Solid encryption would make data impossible for only the user own and this would be counter intuitive to the interest of capitalism. But today there is an incentive: people are afraid of what our digital world has become. They are afraid of their [government's abuse of power](https://en.wikipedia.org/wiki/Global_surveillance_disclosures_(2013%E2%80%93present)), they are afraid of [companies taking advantage of their lives](https://www.theguardian.com/technology/2017/sep/26/tinder-personal-data-dating-app-messages-hacked-sold), they are afraid that their [involment in democracy will be lost](https://en.wikipedia.org/wiki/Facebook%E2%80%93Cambridge_Analytica_data_scandal). People are afraid and there is no better time to sell something. That's why Apple is now selling [privacy as a product](https://en.wikipedia.org/wiki/FBI%E2%80%93Apple_encryption_dispute) and that is why every communication service regardless their privacy invasive tendencies are [promoting encryption](https://faq.whatsapp.com/en/android/28030015/). What is missing is that people are still an object in this case. Whoever holds the key holds the future and there is no alternative to GPG that gives the user the best self determination!
The same problem exists for encryption. There was no real incentive for capitalists to invest in publicly accessible encryption. Solid encryption would make reaching data possible for only the user who owns it and this would be counter intuitive to the interest of capitalism. But today there is an incentive: people are afraid of what our digital world has become. They are afraid of their [government's abuse of power](https://en.wikipedia.org/wiki/Global_surveillance_disclosures_(2013%E2%80%93present)), they are afraid of [companies taking advantage of their lives](https://www.theguardian.com/technology/2017/sep/26/tinder-personal-data-dating-app-messages-hacked-sold), they are afraid that their [involment in democracy will be lost](https://en.wikipedia.org/wiki/Facebook%E2%80%93Cambridge_Analytica_data_scandal). People are afraid and there is no better time to sell something. That's why Apple is now selling [privacy as a product](https://en.wikipedia.org/wiki/FBI%E2%80%93Apple_encryption_dispute) and that is why every communication service regardless their privacy invasive tendencies are [promoting encryption](https://faq.whatsapp.com/en/android/28030015/). What is missing is that people are still an object in this case. Whoever holds the key holds the future and there is no alternative to GPG that gives the user the best self determination!
So, how is GPG doing while the craze to own the next killer encryption app continiue? [**Werner Koch**](https://en.wikipedia.org/wiki/Werner_Koch), is the single person maintaining GPG. He was almost about to give up on GPG for [economic reasons](https://www.propublica.org/article/the-worlds-email-encryption-software-relies-on-one-guy-who-is-going-broke) when the [Snowden incident](https://en.wikipedia.org/wiki/Edward_Snowden) has chanced his decision. The world's whole server infrastructure and personal freedom rests on his shoulder and he had to ask for help. It is a huge difference in investment/impact ratio when compared to every other encryption tool. GPG exist by determination and not throguh capital pressurae.
So, how is GPG doing while the craze to own the next killer encryption app continiue? [**Werner Koch**](https://en.wikipedia.org/wiki/Werner_Koch), is the single person maintaining GPG. He was almost about to give up on GPG for [economic reasons](https://www.propublica.org/article/the-worlds-email-encryption-software-relies-on-one-guy-who-is-going-broke) when the [Snowden incident](https://en.wikipedia.org/wiki/Edward_Snowden) has chanced his decision. The world's whole server infrastructure and personal freedom rests on his shoulder and he had to ask for help. It is a huge difference in investment/impact ratio when compared to every other encryption tool. GPG exist by determination and not through capital pressure.
In every "GPG is dead" cry almost always includes some **killer** new technology that makes more **sense** than GPG. Let's talk about them for a while.
## Signal
A big hit in secure instant messaging. Signal is build upon proprietary software Textsecure and RedPhone that had been once developed by Merlinspike and his co-founder Stuart Anderson. Signal Protocol utilizing [double ratchet](https://en.wikipedia.org/wiki/Double_Ratchet_Algorithm) encryption is a game changer for modern connectivity and implemented in several applications. Signal applications and server code is free software but [their developers and business model is not](oyd signal yazısı bağlantısı). It is [yet another walled garden with no federation](#https://matrix.org/blog/2020/01/02/on-privacy-versus-freedom/) and [claiming GPG is dead](https://moxie.org/blog/gpg-and-me/).
A big hit in secure instant messaging. Signal is build upon proprietary software Textsecure and RedPhone that had been once developed by Merlinspike and his co-founder Stuart Anderson. Signal Protocol utilizing [double ratchet](https://en.wikipedia.org/wiki/Double_Ratchet_Algorithm) encryption is a game changer for modern connectivity and implemented in several applications. Signal applications and server code is free software but [their developers and business model is not](https://oyd.org.tr/en/articles/stop-saying-freedom-is-a-private-matter/). It is [yet another walled garden with no federation](#https://matrix.org/blog/2020/01/02/on-privacy-versus-freedom/) and [claiming GPG is dead](https://moxie.org/blog/gpg-and-me/).
## Matrix Protocol
[Matrix protocol](https://en.wikipedia.org/wiki/Matrix_(protocol)) is an open standard for general communication needs. Like [XMPP -Extensible Messaging and Presence Protocol-](https://en.wikipedia.org/wiki/Xmpp) it is designed to be implemented widely and serve various modern needs of communication. End-to-end encryption is falling behind and there are still implementation problems but if everything goes well Matrix Protocol could be a modern free future. The only problem is Martix Protocol is that still an instant communication system and the cryptography behind it is specialized only for that purpose.
##[Insert Any App or Protocol]
## [Insert Any App or Protocol]
Almost all have some of these short comings:
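Review bot: in the rewritten Signal paragraph the Matrix link target still starts with "#" ("(#https://matrix.org/blog/2020/01/02/on-privacy-versus-freedom/)"), so it resolves as a same-page fragment instead of the external article; drop the "#" while the neighbouring oyd link is being filled in. The same line keeps "is build upon" and "Merlinspike", and other lines touched by this hunk keep "continiue", "chanced" and "involment", which a spelling commit should also cover. The first changed pair under "What's The Problem" reads identically before and after, so confirm that a whitespace-only change was intended there.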
@ -96,7 +96,7 @@ All these functions have been added in recent years and more are probablys on th
## GPG is single source of concern
Being in control of your key also enables you to use and tie wide array of possible uses to your key. You can use it for SSH, sign your code, use it as a trust source for your actions, use it to encrypt anything and store them anywhere without the fear of loosing your access to the data. While utilising this wide range of options you don't have to deal with multiple softwares and keys. One key backed up safely will handle **EVERYTHİNG!** The size of that key or what other marginally safer algorithm does not matter much.
Being in control of your key also enables you to use and tie wide array of possible uses to your key. You can use it for SSH, sign your code, use it as a trust source for your actions, use it to encrypt anything and store them anywhere without the fear of loosing your access to the data. While utilising this wide range of options you don't have to deal with multiple softwares and keys. One key backed up safely will handle **EVERYTHING!** The size of that key or what other marginally safer algorithm does not matter much.
You only have to keep one key file that is basically your identity and need only worry about that. Every dedicated app will generate a purpose built key for their functions and if you are not willing to take care of it either your key will be uploaded to a server or you will loose your data if you ever loose your devices. A GPG key on a [Yubikey](https://www.yubico.com/) or a smartcard will manage all your identity and encryption needs. It is convenient.
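Review bot: the corrected line fixes "EVERYTHİNG" but still has "loosing your access", and the context line after it has "loose your data if you ever loose your devices"; these should be "losing" and "lose". "multiple softwares" on the changed line is also worth fixing in this pass, for example "multiple programs".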
